httpd-bugs mailing list archives

DO NOT REPLY [Bug 30854] New: - Invisible Directory name when Authentication required

Date: Wed, 25 Aug 2004 19:53:23 GMT

http://issues.apache.org/bugzilla/show_bug.cgi?id=30854
Summary: Invisible Directory name when Authentication required
Product: Apache httpd-2.0
Version: 2.0.48
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: mod_dir
AssignedTo: bugs@httpd.apache.org
ReportedBy: jmv@versailles.inra.fr

I've configured httpd so that it has just to display
the content of a Directory that contains downloadable files.
One of the sub-directories is protected and
I've added Authentication rules in order to allow access to known users
(.htpasswd).
With Apache 1.3.31, the protected Directory was
visible; a click on it starts the authentication process.
Since I've upgraded to Apache 2.0.48 the subfolder name isn't visible;
I have to add its name in the URL to access it via the authentication stage.
If I comment out all Auth* Directives, the Directory is visible.
Could you tell me if it is a security issue? Not sure.

Here is the configuration:

<Directory "/software/">
    Options +Indexes
    AllowOverride None
</Directory>

# Protected Directory
#
<Directory "/software/PCMI/">
    Options +Indexes
    AllowOverride None
    AuthName "PCMI Directory"
    AuthType Basic
    AuthUserFile /etc/httpd/conf/passwd/pcmi.passwd
    Require valid-user
</Directory>
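
An added example (not part of the original report and not Apache code): a small Python audit that parses the configuration quoted in the report and lists password-protected directories sitting beneath a directory that serves an unauthenticated index. Per the behaviour reported for 2.0.48, these are the entries missing from the parent listing while still reachable by typing the URL. The function names are hypothetical, and Options and auth inheritance are simplified to each block's own directives.

```python
import re
from pathlib import PurePosixPath

# The configuration quoted in the report, embedded so this runs offline.
REPORTED_CONF = """
<Directory "/software/">
Options +Indexes
AllowOverride None
</Directory>
<Directory "/software/PCMI/">
Options +Indexes
AllowOverride None
AuthName "PCMI Directory"
AuthType Basic
AuthUserFile /etc/httpd/conf/passwd/pcmi.passwd
Require valid-user
</Directory>
"""

BLOCK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)

def parse_directories(conf):
    """Map each <Directory> path to whether it enables Indexes / requires auth."""
    blocks = {}
    for path, body in BLOCK.findall(conf):
        indexes = auth = False
        for line in body.splitlines():
            words = line.split()
            if not words or words[0].startswith("#"):
                continue
            if words[0].lower() == "options":
                # "+Indexes" or "Indexes" enables listings; "-Indexes" does not.
                indexes = any(w.lstrip("+").lower() == "indexes" for w in words[1:])
            elif words[0].lower() == "require" and len(words) > 1:
                auth = True
        blocks[PurePosixPath(path)] = {"indexes": indexes, "auth": auth}
    return blocks

def hidden_from_listing(conf):
    """(protected_dir, listing_dir) pairs where listing_dir is indexed without auth."""
    blocks = parse_directories(conf)
    pairs = []
    for path, cfg in blocks.items():
        # Simplification (assumption): the nearest ancestor with its own block decides.
        ancestor = next((p for p in path.parents if p in blocks), None)
        if cfg["auth"] and ancestor is not None:
            parent = blocks[ancestor]
            if parent["indexes"] and not parent["auth"]:
                pairs.append((str(path), str(ancestor)))
    return sorted(pairs)
```

Calling `hidden_from_listing(REPORTED_CONF)` reports `/software/PCMI` as a protected directory under the indexed `/software`.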